Darren996 wrote:
Anyway, I would like to be able to change the session time out for normal users to 0 so the validated user is not timed out as long as they keep the browser open. I would have to hack the core though cause the time() is added to the timeout value to determine cookie expiration. Does that make sense? If the timeout value is zero then set the cookie timeout value to zero?

As of 1.0.8 cookies do not contain a timeout value, they will stay 'live' until the browser is closed.

However, the system will clear the session value in jos_sessions after a period of inactivity set in you global config setting.
If you need sessions to stay ative longer, than you can set the inactive value higher.

For security purposes a valid frontend logged in session, a persons browser must have the correct cookie and there must be a corresponding entry in jos_session. Without both you will be logged out.

I've bumped that up to two hours but people still lose stuff. I guess then the real issue would be that the post values need to preserved while the user is directed to the login screen and then redirected back to where ever it was they where going after a valid login.

I'm experiencing this problem. It's not clear what setting has to be made in what file.

As I use a hosting provider I would prefer a solution that doesn't require they make a change on the server that would impact the performance of the server or other hosted sites.

How about a hack that toggles the session management of the backend to ne handled just like the front end? This is a security risk I'm willing to accept, or atleast to toggle back when I'm finished some maintenance.

I have a $50 reward if someone can fix this problem, otherwise I have to choose a Joomla friendly host or a host friendly CMS (i.e. goodbye Joomla).

I'm not a programmer, but couldn't a hack be designed that would simulate some sort of admin activity every 29 minutes or whatever, for as long as the admin in question chose to have it on? Thus creating a persistent admin login without compromising Joomla's security?

I'd also like to add that the "feature" of constantly being redirected to the admin login page, and then dumped at the main admin screen instead of where you left off (never mind losing the data, which is obviously a giant PITA...I'm just talking about losing your place in the admin area), is a horrible, horrible feature. Joomla has a lot of usability problems, but this one probably takes the cake. How many extra clicks have collectively been done by the user community, just finding our way back to where we were before being jerked over to the admin login page, and dumped at the main menu? A million? 10 million? And how much lost time - again, not counting the painful lost time of losing one's work...just counting all that unnecessary finding our way back to the spot we had been at. 1000 hours? 10,000 hours?

And it's been that way at least since last year at this time, so it's not like there hasn't been time to fix this horrible, horrible feature.

I want to love Joomla, a lot in fact, but it has some seriously hardcore time-wasting usability issues. The admin area, which I used to see as slick and sophisticated, strikes me more and more as unnecessarily difficult-- even obstructive.

I can't pay any money, but I would just about worship anyone who could create a hack like what I described above. Something that makes my Joomla think that I'm doing enough admin activity to keep me logged in forever...or at least as long as I want.

I guess I've been spoiled by using WordPress a lot over the past year. I didn't know how spoiled until I set up a new Joomla-based site these past couple weeks. I keep having to persuade myself not to bolt, and hoping that at some point in the not too distant future, the developer team will recognize how unnecessarily difficult the admin area can be to use. Aside from the persistent logout "feature" and the horrible redirection to the main admin page feature, the template editing setup is needlessly tedious (try tinkering with one template repeatedly, and see how much unnecessary mouse activity you do, re-navigating to that edit page each time...or just compare it to WP's template editing page), and the feature of forcing folks to "please click cancel or save changes" when they want to navigate away from an open edit page...all these things serve to create untold amounts of unnecessary clicking, mousing, and waiting for new pages to load. I just keep thinking of the thousands of hours of people's time that is wasted on all the extra steps caused by these things.

I'm sure there are explanations as to why these things are the way they are, but it doesn't change that they are serious usability issues.

freelancelance wrote:
I'd also like to add that the "feature" of constantly being redirected to the admin login page, and then dumped at the main admin screen instead of where you left off (never mind losing the data, which is obviously a giant PITA...I'm just talking about losing your place in the admin area), is a horrible, horrible feature.

I know this is a really old thread, but there is a very simple solution that I stumbled across long ago. Open one browser tab to an article. Open another tab to do your work. as long as that article stays on its edit page, you'll remain logged in. Too bad I didn't see this 6 years ago to tell you then.